Notes having to do with Arch Linux on Loro and friends

Contents

• 1  Installation
  • 1.1  Basics
  • 1.2  Solid state disks
  • 1.3  SATA disks
  • 1.4  NVME disks
  • 1.5  Intel processors
  • 1.6  Intel AMT
  • 1.7  Thinkpad laptops
    • 1.7.1  Notes on Lenovo Thinkpad X230 and X1 Carbon, Generations 1, 4, 5
    • 1.7.2  Notes on Lenovo Thinkpad E485
    • 1.7.3  Upgrading (or downgrading) the BIOS on Thinkpads
  • 1.8  Upgrading the operating system
• 2  Special installation instructions for loro
  • 2.1  Secure shell daemon
  • 2.2  Network file system
  • 2.3  Running MPI jobs
  • 2.4  Periodic jobs
  • 2.5  New user setup on loro
• 3  Special instructions for merlin
• 4  Enabling core dumps
• 5  Python
• 6  Networking
  • 6.1  Simple networking
  • 6.2  Laptops
  • 6.3  IP masquerading
• 7  Printing with CUPS
  • 7.1  CUPS client machine
• 8  Printing with LPRNG
  • 8.1  User hints
  • 8.2  Components of LPRNG
  • 8.3  Installation
  • 8.4  Arch package
  • 8.5  Print server setup
  • 8.6  The printcap file and filters
  • 8.7  CUPS and LPRNG together
• 9  Desktop managers
• 10  Desktop environments
• 11  Drawing packages on Linux
• 12  Making Arch packages for AUR

1  Installation

1.1  Basics

Here is how to do the Arch install on systems connected to loro.

• The Arch install now has 64 bit installs; 32 bit linux is no longer supported. Get this image from the Arch Linux website and install it on a USB stick using “dd”:
  • dd bs=4M if=/path/to/arch???.iso of=/dev/sdx status=progress && sync
  • The .iso boot image should be the input file (if).
  • The USB stick should be plugged in to a USB port and the appropriate device determined using “dmesg”. This might be, for instance, “/dev/sdb” or something similar. The partition on the USB stick should not be included, i.e., not “/dev/sdb1”.
• Get your IP address, gateway IP number, DNS IP number, and hostname before starting. (Networks with dhcp don’t need these numbers.) The loro administrator will add your hostname to the /etc/hosts files on loro and friends. Also, decide how to partition your disks. We generally partition as follows:
  • Disk 1:
    • 1: 1 GB EFI (fat (ef00), for UEFI boot manager – this is probably overkill at this point, but we need enough space to put all of the kernel-related files. For an old style BIOS boot manager, make a linux ext4 (8300) partition type.)
    • 2: 15 GB, swap (8200)
    • 3: 30 GB root (linux; 8300)
    • 4: the rest, /data, /home, /local, depending on what is needed
  • Other disks should be set up with various partitions as needed. However, do not install a boot partition and do not make other disks bootable. Doing so can cause confusion when booting the system.
• Before starting the install, get into your machine’s boot manager:
  • Set the time and date to UTC time and date.
• If you have a UEFI boot manager, do the following (skip if you have an old-fashioned BIOS boot manager):
  • Turn off “secure boot” so that Linux can be loaded.
  • You may or may not wish to turn on “legacy mode” so that the traditional BIOS boot manager is used; your mileage will vary with different motherboards. Trial and error is needed here.
• After booting the machine with the install medium (usually a USB stick), proceed as follows:
  • If your network connection is running DHCP on a wired ethernet, the network will be set up automatically. Skip to disk partitioning below. Otherwise:
  • Look at the contents of “/sys/class/net” or alternatively, run “ip addr” to find the name of your network device. Linux network device names used to change from boot to boot, but this is no longer true.
  • The entry “lo” is your loopback interface, which you should not use. If you have one ethernet card there will be one other entry (e.g., “eth0”, “enp5s0”, or similar; wired ethernet devices tend to start with “e” and wireless devices with “w”.). If there are more than one, than trial and error is needed to figure out which is connected to the external internet. Replace “ETHNAME” below with the selected name and run
    • ip link set ETHNAME up
    • ip addr add IPADDRESS/24 dev ETHNAME
    • ip route add default via GATEWAY
    where “IPADDRESS” is the internet address of your machine and “GATEWAY” is the internet address of your gateway to the external network.
  • Edit /etc/resolv.conf (using either the nano or vi editors)
    • If you are inside the IP masquerading firewall, add lines “nameserver 192.168.100.254” and “search nmt.edu”.
    • If you are outside, add lines “nameserver 129.138.250.10”, “nameserver 129.138.4.63”, and “search nmt.edu”. (Everybody is inside now except for kestrel and merlin.)
  • Partition the root hard drive:
    • Use cgdisk to figure out which disk you want as your bootable drive. Be careful – sometimes /dev/sda is your USB installer! Also, these device names can get switched from boot to boot. Using UUID partition names solves this problem and is discussed below. For now, use the “/dev/sd?” form.
    • cgdisk /dev/sda (or what ever drive your boot drive is named)
    • mkfs.fat /dev/sda1 (if you have a UEFI bios) or
    • mkfs.ext4 /dev/sda1 (if you have a traditional bios)
  • Make other file systems: run
    • mkfs.ext4 /dev/sda3; etc.
  • Make swap space: run
    • mkswap /dev/sda2 && swapon /dev/sda2
  • Partition and make file systems for any other disks (you don’t need or want boot partitions).
  • Select an Arch mirror by editing “/etc/pacman.d/mirrorlist”. (Often the default is fine.)
  • Mount your root partition by running
    • mount /dev/sda3 /mnt
  • Install the base system by running
    • pacstrap /mnt base
  • Generate an fstab file on your new system by running
    • genfstab -p /mnt >> /mnt/etc/fstab
  • Chroot into your new system by running
    • arch-chroot /mnt
  • Editing a bunch of files is now necessary.
    • If you are happy with the nano or vi editors, both of these are available. If you prefer emacs, download the non X11 version:
      • pacman -S emacs-nox
    • Create the file “/etc/hostname” containing in one line the name of your system (without the .nmt.edu part). or a CDROM according to their instructions.
    • Edit the file /etc/hosts; add a line of the form “IPADDRESS system_name nickname”. Inside the firewall omit the nickname and just put your system name without the “.nmt.edu” part. Outside the firewall your system name should include “.nmt.edu” and the nickname should be the system name without the “.nmt.edu”. Note that the /etc/hosts file will be replaced for loro and friends later.
    • Set the timezone:
      • You may have to remove a default “localtime” file. Then run
      • ln -s /usr/share/zoneinfo/America/Denver /etc/localtime
    • Set the locale: edit “/etc/locale.gen”, uncommenting the line containing en_US.UTF-8. Run
      • locale-gen
    • Finally, create the file “/etc/locale.conf” and add a single line containing “LANG=en_US.UTF-8”.
    • Specify that the hardware clock is in UTC: run
      • hwclock - -systohc - -utc
    • Configure the network:
      • Create a file “/etc/netctl/external” and copy the appropriate example from /etc/netctl/examples into it. Edit it as needed. If you are loading from wireless, the package “wpa_supplicant” should be installed. The “Interface” variable may also need to be altered from its default value, as in the original network setup. (The name of the network is “external”. This is completely arbitrary and can be whatever you desire.)
      • Execute the command “netctl enable external” to bring the network up on the next reboot.
      • Note that the DNS entry makes netctl create its own resolv.conf file, so this should not be done by hand.
    • Create initial ramdisk for booting: run
      • mkinitcpio -p linux
  • Now we install the syslinux boot loader. Raw disk partition names such as “/dev/sda3” can change from boot to boot, so it is safest to refer to them using the UUID mechanism, which provides a non-volatile ID. Determine the UUID for a disk partition using “lsblk”. For example, “lsblk -no UUID /dev/sda” returns the UUID for “/dev/sda”, which we refer to as “uuidnumber”. If, for example you need the UUID for the second partition, use “/dev/sda2”.
    • Download syslinux and a few other packages: run
      • pacman -S syslinux gptfdisk efibootmgr
    • Edit the syslinux configuration file “/boot/syslinux/syslinux.cfg”. Be sure that the root partition in the boot menu is “UUID=uuidnumber” in this file, instead of“/dev/sda3” or wherever else you have put root. In the Menu Configuration section, uncomment “vesamenu.c32” in preference to “menu.c32”. This is more robust in the face of high DPI consoles.
    • Also replace raw device names in the “/etc/fstab” file with entries like “UUID=uuidname”. This includes the root, swap, and boot partitions and any other partitions that get mounted in fstab.
    • Mount the first (fat or ext4) partition somewhere, e.g., “mount /dev/sda1 /mnt”. (You can use raw partition names here since the system hasn’t been rebooted yet.)
    • Copy the contents of “/boot” to the first partition: “cd /boot; cp -r * /mnt”.
    • For UEFI:
      • Change directory to “/mnt” and run:
      • cp -r /usr/lib/syslinux/efi64/* /mnt/syslinux/
      • efibootmgr -c -d /dev/sda -p 1 -l /syslinux/syslinux.efi -L “Syslinux”
      • Change out of the “/mnt” directory and unmount this partition: “umount /mnt”.
    • For traditional BIOS:
      • Change directory to “/mnt/syslinux” and run
      • syslinux-install_update -iam
      • Change out of the “/mnt” directory and unmount this partition: “umount /mnt”.
    • The system should now be bootable. In order to allow pacman to update kernels when needed, mount the first partition on “/boot” in the “etc/fstab” file by adding the line, e.g.,
      • “UUID=uuidnumber /boot vfat rw 0 2” (UEFI)
      • “UUID=uuidnumber /boot ext4 rw 0 2” (BIOS)
    • Test this by running (as root) “mount /boot”. If this doesn’t work, fix it before rebooting, or you will run into problems on boot! Be sure to “umount /boot” after the test.
  • Set the root password: run
    • passwd
  • Exit chroot by running
    • exit
  • Unmount /mnt: run
    • umount /mnt
  • Reboot: run
    • reboot
  • Be sure to remove the install medium. If everything works, the computer should boot into your new Arch system and you should be able to login as root. The internet should be up.
• Install secure shell by hand, create a key, and make it start on boot:
  • pacman -S openssh
  • ssh-keygen
  • systemctl enable sshd.service
  • systemctl start sshd.service
• When running “ssh-keygen”, accept the defaults by hitting return. Then use secure copy to get our script “arch-common” from loro:
  • cd; scp loro:/usr/local/etc/arch-common .
• You will need root access on loro. Run this script to install an additional selection of packages that we need for doing useful work.
  • ./arch-common
• You may want to install our custom lprng package to enable printing if your computer is a print server:
  • cd /usr/local/etc/lprng on loro and copy the lprng...pkg.tar.xz to your root home directory.
  • Change to this directory and run “pacman -U lprng-3.8...”
  • cp printcap-client /etc/lprng/printcap
  • The default values of lpd.conf and lpd.perms in the /etc/lprng/lpd directory should work for a printer client machine.
  • To set up spool files run "checkpc -f" one or more times as needed.
• If your system isn’t a print server, install “cups” instead: “pacman -S cups”.
• Now set up the the enabling of various daemons on startup. Download the script “arch-systemd” from loro and run it:
  • cd
  • scp loro:/usr/local/etc/arch-systemd .
  • ./arch-systemd
• You can examine the daemons started by looking at this file and modifying if necessary. Reboot the system at this point, to activate all of the enabled daemons:
  • shutdown -r now
• If X11 does not work and you are running an Nvidia video card, try installing the alternate driver. First, remove the Nouveau driver
  • pacman -Rs xf86-video-nouveau
  • and then install the Nvidia driver
  • pacman -S nvidia
  • Reboot again.
• To set up the “composition” function in X11 so that accented characters like “á” and “ñ” can be easily entered, execute “setxkbmap -option compose:caps”. This has two effects: The caps lock key no longer locks caps. To get an accented character, type the caps lock key, type the desired accent, and then type the desired character. Note that when running Gnome, “gnome-tweak-tools” allows one to set up composition as well.
• Next comes a series of actions to integrate the new computer with loro. Be sure the loro administrator knows what you are doing.
  • Using network file system:
    • Add the following lines to “/etc/fstab” using your favorite editor:
      loro:/home /home nfs rw 
      loro:/usr/local /usr/local nfs ro 
      loro:/data.gy /data.gy nfs rw
  • Make the directory “/data.gy” and do
    • mount /home; mount /usr/local; mount /data.gy
  • Update the local password and shadow files and run some customization scripts which set up a reasonable root environment:
    • cd /usr/local/etc
    • ./arch-custom
    • ./arch-hosts
  • To put a pretty picture on the splash screen for logging in, copy the contents of /usr/local/etc/lxdm to /etc/lxdm. Then enable the lxdm desktop manager so that it will appear on the next reboot: “systemctl enable lxdm.service”.
  • Edit the /etc/ssh/sshd.conf file to have the line “PermitRootLogin yes” in order to login to the machine remotely as root.
  • Now would be a good time to reboot again.
  • Finally, ask the loro administrator to add your machine to the “ssh-build” list, “munchallpwds” list, and “doallnow” list. Also ask the admin to set up backup of data disks and run “munchallpwds”. You are done!

1.2  Solid state disks

Special considerations apply to the use of solid state disks (SSDs). For all SSDs, do the following:

• Run “fstrim -a” periodically to reclaim unused disk space. Perhaps the best way to do this is to activate the systemd service “fstrim.timer”. This will perform the trim once a week. A time stamp is left in “/var/lib/systemd/timers/stamp-fstrim.timer” when this executes.
• Add the “elevator=noop” kernel option in /boot/syslinux/syslinux.cfg. This disables optimizations that apply only to rotating disks and actually makes disk access faster for SSDs.

1.3  SATA disks

These disks otherwise look like ordinary hard disks to the system.

1.4  NVME disks

This is a newer standard that allows much higher transfer rates than SATA. These disks have names in “/dev” of the form “nvmeXnY” where “X” indicates the controller number (starting from “0”) and “Y” indicates the disk on that controller (starting from “1”). Partition “Z” on the disk (starting from “1”) is indicated by “nvmeXnYpZ”. So partition 3 on disk 1 of controller 0 is “nvme0n1p3”.

Some NVME disks (those from Samsung are mentioned) don’t work with low power states, making the system unstable. To fix this problem, include the kernel option “nvme_core.default_ps_max_latency_us=5500”.

1.5  Intel processors

Intel processors need to load firmware at boot rather than later (as with AMD processors). To accomplish this with the syslinux boot loader (which we use):

• Install the Arch package "intel-ucode".
• Edit the "/boot/syslinux/syslinux.cfg file so that the "LABEL" sections have the "intel-ucode" added to the "INITRD" line as follows:
  • INITRD ../intel-ucode.img,../initramfs-linux.img
• Reboot and you are done.

1.6  Intel AMT

The kernel loads a module called “mei” which interfaces with Intel’s AMT (active management technology) hardware. This causes an annoying (but harmless) error message on boot and wakeup from sleep. Since we don’t use AMT (which allows remote management of your computer at the hardware level - by who knows whom! - ugh!), it is not a bad idea to turn this off. Do so by creating the file “mei.conf” in the directory “/etc/modprobe.d” containing the single line “blacklist mei”.

I don’t know if this is an issue on AMD machines.

1.7  Thinkpad laptops

1.7.1  Notes on Lenovo Thinkpad X230 and X1 Carbon, Generations 1, 4, 5

Most things work out of the box on an ARCH install. However, there are some minor issues:

• The X230 I have has the Centrino 2200 wireless chip. To make this work, install the “ipw2200-fw” package. This provides needed firmware. The module “ipw2200” needs to be loaded manually by creating the file “ipw2200.conf” containing the single line “ipw2200”. This file should be located in the directory “/etc/modules-load.d/”. The X1 has the Centrino Advanced-N 6205 chipset and any firmwire seems to get installed automatically on ARCH.
• The screen brightness controls on the X230 (Fn-F8, Fn-F9) do not work unless a special kernel option is specified. Edit the file “/boot/syslinux/syslinux.cfg”. In the section “LABEL arch”, add to the “APPEND” line (with an intervening space) “acpi_backlight=vendor” (without the quotes). Then reboot. As a bonus, the keyboard lighting can now also be controlled with “Fn-spacebar”!
• For the X1 (and maybe the X230 at this point!) the screen brightness function keys can be made to work by adding "acpi_osi="!Windows 2012" (with an intervening space) to the "APPEND" line in /boot/syslinux/syslinux.cfg.
• For the audio, remember to unmute each channel using the alsamixer program. If pulseaudio is set up, only a single master control is available for sound.
• The ancient PC speaker beep is definitely on the way out. When using X windows, this is activated by the “xkbbell” function and enabled by “xset b”, but this sometimes fails to work. One can make the pulseaudio sound system emulate xkbbell using the following commands:
  • pactl upload-sample /usr/share/sounds/freedesktop/stereo/bell.oga x11-bell
  • pactl load-module module-x11-bell sample=x11-bell display=$DISPLAY
  • Choose alternative sounds from the “/usr/share/sounds...” directory if you like!
  • The “pulseaudio” and “pulseaudio-alsa” packages should be installed.
• For the X1-v1 (and maybe the X230) the internal microphone is turned off by default. To turn it on and off respectively, use the commands
  • amixer set “Capture” cap
  • amixer set “Capture” nocap
• The X1 has solid state disk (SSD). See the previous section on SSDs.
• Touchscreen: The synaptics package is on its way out and the “xf86-input-libinput” package now works better. To make the touchpad work with libinput, install the following in “/etc/X11/xorg.conf.d” as the file “30-touchpad.conf”. The “lmr” associates the left, middle, and right mouse buttons with one, two, and three finger taps. The default is “lrm”:
  • Section "InputClass"
    • Identifier "touchpad"
    • Driver "libinput"
    • MatchIsTouchpad "on"
    • Option "Tapping" "on"
    • Option "TappingButtonMap" "lmr"
  • EndSection
  If the synaptics package is desired, install “xf86-input-synaptics” and copy the file to “/etc/X11/xorg.conf.d”.
• Hi DPI screens: My X1-v4 has a native resolution of 2560x1440 pixels. This causes fonts and icons to be uncomfortably small. To fix this:
  • Use “arandr” to adjust the screen resolution to a coarser value with the same aspect ratio, e.g., 1600x900 in my case. Arandr can be made to save a shell script to the “.screenlayout” directory. This script can be incorporated into the startup of your desktop environment. This works well for simple desktops like openbox, lxde, lxqt, and i3. Fancier desktops have their own apps to do this.
  • The screen resolution can also be fixed by adding the file “10-screen.conf” to “/etc/X11/xorg.conf.d” containing the following:
    • Section "Screen"
    • Identifier "Screen0"
    • SubSection "Display"
    • Virtual 1600 900
    • EndSubSection
    • EndSection
    The screen resolution must be one listed by “arandr”. This solution has the advantage that the display manager also uses it.
  • To suppress the loading of kernel modules that cause problems, in “/boot/syslinux/syslinux.cfg”, add “ modprobe.blacklist=xxx,yyy,zzz...” to the end of “APPEND” for each of the bootable kernels. Don’t forget the leading space, but don’t put spaces between the blacklisted modules “xxx” etc. One recent bad module is “acer-wmi”, which keeps X11 from working.
• My X1-v5 needs the BIOS to be upgraded to version 1.39. Otherwise, certain applications cause the fan to run full speed on restore from sleep.

For more information, see the ARCH wiki pages on these machines.

1.7.2  Notes on Lenovo Thinkpad E485

This laptop runs an AMD Ryzen 3/5 CPU.

• It has a firmware bug that requires the kernel parameter “ivrs_ioapic[32]=00:14.0” to be used.
• When starting the install after the USB stick has booted, hit “tab” to add the above kernel parameter. The command line for booting the kernel will appear. Add the above parameter to the end (without the quotes but with a leading space) and hit return.
• Sleep does not work correctly without the additional kernel parameter “amd_iommu=pt”.
• When setting up the boot configuration in /boot/syslinux, append these parameters to the “APPEND” entry for the kernels of interest as well. I also reverted the BIOS to version 1.32 from 1.48, but this may not be necessary.
• Turn off UEFI in the firmware in favor of the legacy BIOS. Arch won’t boot otherwise.

1.7.3  Upgrading (or downgrading) the BIOS on Thinkpads

Here is how to do it. To downgrade, one generally has to turn off downgrade prevention in the BIOS beforehand.

1.8  Upgrading the operating system

Normally upgrading is done with the command

• pacman -Suy

If upgrading fails due to a package failing to verify, your Arch keyring may be out of date. One way to solve this is to run

• pacman-key –init
• pacman-key –populate archlinux

This updates your keyring from the last upgrade of the arch-keyring package on the local system. If the above doesn’t work, try reinstalling the package “archlinux-keyring” and repeat the above. Also be sure that the package “haveged” is installed.

2  Special installation instructions for loro

Loro is now our network file system and printing server, so it needs special consideration. loro acts as a hot backup. Loro also runs various jobs at specified times via the cron mechanism. Things having to do with the administrative functions of loro are located in “/usr/local/etc”.

2.1  Secure shell daemon

By default, the secure shell daemon turns off password access to root. For root-level communication on the loro cluster, as well as with kestrel, this needs to be turned on. Add to “/etc/ssh/sshd_config”:

PermitRootLogin yes

2.2  Network file system

Two things need to be done to set up file sharing of /usr/local, /home.loro, and /data.gy:

• An “exports” file needs to be put in /etc. This takes the form
  /usr/local thrush(ro,no_subtree_check) ... 
  /home thrush(rw,no_subtree_check) ... 
  /data.gy thrush(rw,no_subtree_check) ... 
  where all of the allowed clients are listed for each mountable file system. Be sure that all the clients actually exist and are under one’s control, or you are possibly open to a big security risk.
• Add the daemon needed for network file system:
  • systemctl enable nfs-server.service

After installing, reboot.

2.3  Running MPI jobs

We now use OpenMPI to run parallel MPI jobs on loro and friends. The Arch “openmpi” package should be installed on all machines.

Generally you should create a “hosts” file to tell OpenMPI on which machines to run your job. For example, the file might be of the form

gy09 slots=1
gy01 slots=4
gy02 slots=4
gy07 slots=8

to run a job with one process on gy09, 4 processes on gy01 and gy02, and 8 processes on gy07. Make the number of slots on each machine no more than the number of CPU cores.

The command line for starting an MPI job is

• mpirun -np 17 - -hostfile hosts /absolute/path/to/executable arg1 arg2 ...

The number following “-np” is the number of processes desired, which should be equal to (or less then, but not more) than the number of slots in the “hosts” file described above. If the host file is omitted, all processes are run on the current machine and the total number of processes must not be greater than the number of cores available on that machine. The absolute path to your executable is needed since the default path available to MPI is limited and probably does not include your home directory. (Is this still true???) This command may be run on any machine that shares any directories used by the MPI job. However, passwd-free ssh access between all the machines used must be set up beforehand.

2.4  Periodic jobs

Loro runs a number of jobs periodically. This is done using the “cron” program. To edit the schedule of jobs run:

• crontab -e

Here is a typical list of entries:

#27 * * * * /usr/local/etc/munchallpwds.sh 
11 23 * * * /usr/bin/crontab -l > /etc/rootcrontab 
13 23 * * * /usr/local/etc/getcustom > /dev/null 
25 2 * * * /usr/local/etc/savehome-del home 
2 2 * * * /usr/local/etc/savelocal 
13 4 * * * /usr/local/etc/checkdata.sh 
2 22 * * * /usr/local/etc/savealldata.sh > /dev/null 
#2 22 * * * /usr/local/etc/savealldata.sh del > /dev/null 
0 21 * * * ssh coot /usr/local/etc/savekestrel.sh > /dev/null 
0 22 * * * ssh peregrine /usr/local/etc/savekestrel.sh > /dev/null 

See the “crontab” man page for further details.

2.5  New user setup on loro

To add a new user, run the program “/usr/local/etc/myuseradd.sh xxx” as root to add user “xxx”. Then run “passwd xxx” and let the new user enter a password. To delete a user, run “userdel -r xxx”. The “-r” removes the home directory and mail files.

3  Special instructions for merlin

Merlin is now our connection to the Internet and also our dnsmasq server that provides local DNS service as well as setting up an IP masquerading firewall. It also provides backup storage for kestrel and loro.

4  Enabling core dumps

To enable core dumps, put this in your .bashrc file:

• ulimit -c unlimited

In addition, systemd causes problems in creating core dumps. To fix this, get systemd out of the loop by doing (as root):

• ln -s /dev/null /etc/sysctl.d/50-coredump.conf
• sysctl kernel.core_pattern=core

5  Python

Arch has moved to version 3 of python, which causes some complications.

Python is python3. Python2 is python2. Had to modify qplot and other programs to run python2, as matplotlib is not ported to python3 yet. To make these python programs run on Debian, link “/usr/bin/python” to “/usr/bin/python2” on the Debian systems.

Arch has up-to-date matplotlib and numpy packages. The package containing setuptools is called “python2-distribute” (for python2). This is needed for the “pupynere” package. “Pupynere” (python-only netcdf) and “pycandis” (candis package) are needed for our work environment. The source exists in “/usr/local/src/python” and is easily installed using

• python2 setup.py install

in the respective package directories.

6  Networking

6.1  Simple networking

For a desktop just use the netctl networking created in the install.

6.2  Laptops

For the laptop, turn off static networking completely by disabling the static, wired network used for the installation. Just install networkmanager and network-manager-applet along with gnome-keyring. This works well for wired as well as wireless networks. The gnome-keyring package allows the storage of network passwords. Since the applet likes to live in the notification area, this results in complications when not using gdm (the gnome session manager).

As an alternative, install use netctl. For each network (wireless or wired) a configuration file must be set up in /etc/netctl. These are simple and configuration examples are given. Wifi-menu (part of the netctl package) allows the generation of configuration scripts automatically while roaming. The additional packages should also be installed: dialog, wireless-tools, wpa-supplicant, dhcpcd. Since this stuff must be run as root, give yourself suid permissions (nopasswd) using visudo. Here is what I have in/etc/sudoers:

raymond ALL=(ALL) NOPASSWD: /usr/bin/netctl,/usr/bin/wifi-menu, /usr/sbin/wpa_supplicant,/sbin/dhcpcd, /usr/sbin/rfkill

I have created a set of convenience routines named ~/bin/net-* to access various networks, as well as a simple shell script called ~/bin/selectnetwork.sh to make it easy to run the desired network.

6.3  IP masquerading

Information comes mostly from the Arch Wiki site.

First, get your external and internal network interfaces set up using netctl. You can set up configuration files for each using the examples in /etc/netctl/examples. Second, prepare the networks to start at boot by running the commands “netctl enable external” and “netctl enable internal”.

Grab the files “masq-start.sh”, “masq-stop.sh”, and “masquerade.service” from “/usr/local/etc”. Edit “masq-start.sh” to correctly identify the ethernet device names used in the netctl files. Then copy the start and stop files to “/etc/iptables” and “masquerade.service” to “/usr/lib/systemd/system”

Start masquerading by running (as root)

• systemctl enable dnsmasq.service
• systemctl enable masquerade.service

Reboot.

7  Printing with CUPS

If this hasn’t been done yet, activate cups with the command

• systemctl enable org.cups.cupsd.service

Then start cups

• systemctl start org.cups.cupsd.service

To configure cups, use your browser to access “http://localhost:631/”. For this to work, your account must be a member of the “lp” and “sys” groups. As root, execute the following:

• gpasswd -a yourloginname lp
• gpasswd -a yourloginname sys

7.1  CUPS client machine

Generally, you don’t have to explicitly add printers run by a CUPS server - they will be found automagically.

One can also connect with an LPRNG print server. With the browser interface, add the printer using the lpd protocol. For example, to connect to the physics printer on kestrel.nmt.edu, use

• lpd://kestrel.nmt.edu/physics

and select “raw” as the printer type. See more below about LPRNG.

8  Printing with LPRNG

LPRNG is old software, an update of the original Berkeley UNIX LPR system. Arch doesn’t support it, but the source code, updated with a modern configuration system, is available on SourceForge here. The best documentation for LPRNG is at its homepage. The cookbook and reference manuals are useful for those installing LPRNG.

Why LPRNG over CUPS? My experience with CUPS is that it is opaque and unstable as a print server (especially with Arch’s rolling update cycle), and generally a frustrating time sink for system admins. LPRNG takes some effort to set up, but it is stable and generally simpler and more transparent than CUPS. A disadvantage of LPRNG is that Gnome3 has seen fit to eliminate support for it. However, CUPs still works on client machines to drive LPRNG printers - see above. This way you can print directly from Gnome3 applications.

8.1  User hints

The main printing command with LPRNG is “lpr”; the status of print jobs can be examined using “lpq”; print jobs can be killed using “lprm”. See the respective man pages for more. As currently set up on kestrel and loro, PostScript, PDF, and plain text files can be printed directly. Other file types are rejected.

To make Gnome2 applications print to LPRNG, you need to create a file named “.gtkrc-2.0” with a single line:

• gtk-print-backends = "file,lpr"

If you are using LXDE, and you have changed the desktop look and feel, your .gtkrc-2.0 file may be overwritten. If so, put the above line in the file “.gtkrc-2.0.mine”. You may have to logout and log back in for this to have an effect.

If using a Gnome3 application such as evince or gnumeric and you still wish to use LPRNG, print to a PDF file and do the actual printing using the command line or an application such as atril (the Gnome2 version of evince, as included in the MATE desktop) or xpdf. Libreoffice prints directly to lpr, so no such monkey business is needed for that application. It uses the printer defined by your PRINTER environment variable in the .bashrc file. Set this variable by putting, for instance, the line

• export PRINTER=physics

(or whatever printer you want) into this file. Look at the file “/usr/local/etc/printcap” to see what printers are available to you.

8.2  Components of LPRNG

LPRNG consists of several components:

• lpr, lpq, lprm, the user commands for printing and managing print jobs;
• lpd, the daemon that controls printing behind the scenes;
• lpc, the system-level printing manager - generally not very useful;
• printcap, the configuration file read by lpr, which describes the available printers and their features;
• behind the scenes configuration files, lpd.conf and lpd.perms, that are used by lpd;
• spool directories, generally located in /var/spool/lpd - these need to be set up by hand;
• checkpc, which also checks out aspects of the printing configuration.

Missing from the LPRNG distribution is a means of starting lpd on boot under systemd. However, I have constructed an lpd service file, called lpd.service. This can be installed and activated using the usual systemd commands. This file needs to be edited by hand before installation to get the location of lpd right.

8.3  Installation

• Unpack the lprng tarball.
• Change into the lprng directory and edit the file STANDARD_configuration. In particular, set the values of –prefix and –sysconfdir where you want them. It is best to set –prefix to /usr/local and –sysconfdir to /usr/local/etc or some such in order to keep lprng stuff out of the Arch-controlled directories. However, sometimes this is not possible.
• Run “sh STANDARD_configuration”, “make”, and “make install”.
• Create a printcap file for your printers in your sysconfdir directory - more on this later.
• In the lpd subdirectory of sysconfdir, copy lpd.conf.sample to lpd.conf and lpd.perms.sample to lpd.perms. The defaults in these files are ok unless you are setting up a remote server - more on this later.
• In the directory /var/spool, create the subdirectory lpd. In this subdirectory, create directories named after each of the printers. Lpd and all subdirectories should have both user and group both set to “daemon” and permissions should be rwx,—,— for user, group, and other. Run the checkpc program to be sure everything is properly set up.
• Copy lpd.service to /usr/lib/systemd/system and run “systemctl enable lpd.service” followed by “systemctl start lpd.servce”. You are now ready to print!

8.4  Arch package

Note that I have put an LPRNG package on the Arch AUR, so you don’t have to compile it yourself! See the AUR page at the Arch website.

8.5  Print server setup

• The lpd.conf file should contain the single uncommented line “lpd_listen_port=515”. This allows remote systems to access the printers on the server.
• In addition, the line "ACCEPT SERVICE=X REMOTEHOST=</etc/accepthost" should be uncommented and the "/etc/accepthost" should be replaced by the absolute path to a file containing a list of the IP addresses of the systems allowed to access the printer. I like to keep this file in the same directory as the lpd.perms file. Groups of IP addresses can be included by entries of the form (for example) 129.138.42.0/24. This example allows all printers with IP addresses 129.138.42.*. (Figure out the meaning of the “24”!)

8.6  The printcap file and filters

The printcap file defines the available printers and controls how they are used. Consult the LPRNG documentation for further information. The current printcap file on kestrel is given here as an example of a server printcap, and the printcap file for loro client machines is given here to show how to construct client printcaps.

LPRNG employs filter programs to convert to a format that the printer can read. There are packages available to do this, including foomatic, apsfilter, and magic filter, but for maximum control, I have invented two filters to deal with postscript printers. These filters print postscript files directly and convert pdf and text files to postscript before printing. The filter psfilter-d.sh prints duplex files while the filter psfilter-s.sh prints simplex files. Note that printers should be set to single sided printing by default - otherwise, single sided printing won’t work.

8.7  CUPS and LPRNG together

Generally CUPS and LPRNG packages conflict and cannot be installed together. However, if a special version of LPRNG is compiled which puts executables in a hidden location not in the normal path, LPRNG can be used as a print server with a client-only configuration of CUPS which sends its print jobs to LPRNG. However, this doesn’t work if a printer is physically attached to the machine, as CUPS aggressively tries to attach to it, creating a deadlock with LPRNG. For network printers this appears not to be an issue. (Maybe CUPS can be house trained in this regard, but currently I don’t know how to do this.)

9  Desktop managers

• LXDM, the LXDE desktop manager, is lightweight and is the current desktop manager of choice. It is easy to configure and is our current choice.
• LightDM is also lightweight and quite usable.
• SDDM is the KDE desktop manager. It works well but is somewhat hard to configure.
• GDM, the Gnome desktop manager, is tied heavily into Gnome. Ugh!

Note: Be sure to delete any .xinitrc and .xsession files that you have in your home directory. With current versions of systemd, these files can interfere with the operation of LXDM and LightDM.

10  Desktop environments

• LXQT: LXQT works well and it is suitable for the new user.
• Openbox: If you like to be really primitive (blank screen on login!), the openbox window manager can be used. Everything is accessed via the middle and right mouse buttons. There are two nice packages, “obconf” and “obmenu” that are helpful in setting up the menus for these mouse buttons. The advantage of openbox is that the desktop is completely uncluttered and things just work. Some hand configuration may be needed but the Arch documentation is excellent.
• I3: Hard core! An excellent working environment if you don’t like clicking the mouse and hate overlapping windows.
• Mate, Gnome, KDE, Cinnamon, etc. Heavyweight desktop environments you might like if you love Windows. Ugh! Mate is probably the most stable.

11  Drawing packages on Linux

• Xfig was our favorite drawing package. Arch has moved xfig from the xaw3d X-11 driver to the old xaw package. This seems to have fixed some of the problems with xfig. However, it is old software and it is gradually degrading.
• Another rather old drawing package is tgif. This seems to do almost everything that xfig does. It is also very self-contained with few dependencies, which makes it robust as systems change. It has Greek letters. This is currently my favorite.
• Inkscape is complex and has a steep learning curve. However, it can import fig files from xfig and Greek letters can be entered by typing in the Unicode number.

12  Making Arch packages for AUR

• See uploading packages
• After making a git repository, use an existing AUR package as a template for your PKGBUILD file.
• To add md5 checksums to your PKGBUILD file, run makepkg -g >> PKGBUILD in your package directory. This command tacks the checksums onto the end of the PKGBUILD file.
• To make a tarball for sending to the AUR, use "mkaurball". This command is included in the "pkgbuild-introspection" package.
• Follow the instructions in the above link to upload to the AUR repository.

This document was translated from L^AT_EX by H^EV^EA.